Curated Catalyst (Sept 13-15) - New interview series, complexity, amateurs, and crowded restaurants

Three articles curated to provoke thinking, create conversation, and purposefully cross-pollinate diverse solutions in the field of information security.

Next week I'm heading to Washington, DC to participate in the Cyber Security Think Tank hosted by Dell on Tuesday. They've invited a panel to discuss the current and coming landscape of security.

I'm excited. It promises to be a good opportunity to engage in needed discussion.

The event is going to be streamed online. I'll share the details on Monday, but hope you can join in on Twitter, look in, and participate in the conversation.

Announcing the Catalyst Conversations Series

For the last few weeks, I've been working to develop an interview series. I'm calling it the Catalyst Conversation series. This is an opportunity to showcase some of the amazing conversations and insights from the people I meet and work with.

The first of the conversations comes next week. I look forward to more and working with you to tailor the approach for the benefit of our industry.

In the meantime, here are three articles selected to stimulate some thinking -- and discussion -- on how we might draw on other fields to improve our approach to the practice of security.

Complexity and the Ten-Thousand-Hour Rule


What I took away from it: disciplined practice in pursuit of getting better. Maybe it does take 10,000 hours. Maybe it takes more.

To be a security professional with high achievement, it takes time. Purposeful effort with

This means a few things:

  1. When we attain even a few thousand hours staring at a problem and gaining the experience and insight to fix it, we have to remember that the people we're trying to explain it to lack those hours and experiences. It takes longer to get to the point where we can explain it.
  2. Our field is maturing to the point where finding a specialty/niche and really focusing on the mastery of it is a choice worthy of consideration. I spent a full decade as a generalist -- when that was easy, expected, and accepted. I still think that matters, but then went on to find my niche.

What's yours?

Amateurs Get Angry With Clients. Professionals Educate Them.


What I took away from it:

This hits home. If we want to be professionals, we have to focus on educating. That means a shift in strategy and a change in tactics. It means rethinking how we share and teach people. It also means learning and engaging in more dialog.

This is an imperative. We can do it. We have to.



What I took away from it:

This lays out the power of a concept dubbed "social proof." Bars do this, too. We slow down the door to create the appearance of a line… which, oddly, entices more people to want to come.

We can use the same concept in security. The question is "how do we create social proof" for our efforts? How do we lower the risk and increase the social signals that this is good? Better than good, to make it desired.

This article holds some insights to get started on that path.

How did these resonate with you?

Selecting an article isn't necessarily an endorsement. The purpose is to purposefully cross-pollinate ideas, offer out ideas for consideration, and stimulate some conversation.

Take a few minutes to read, reflect, and advance. Engage with me by commenting below, on Twitter, or by email. Or discuss with your team and colleagues.

Have some outside thinking that others would benefit from? Send it to me -- and tell me what you took away from it.
